Oncommand Workflow Automation

DATE	CVE	VULNERABILITY TITLE	RISK
2019-10-07	CVE-2019-17267	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. network low complexity fasterxml netapp debian redhat oracle CWE-502 critical	9.8
2019-10-01	CVE-2019-16943	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. network low complexity fasterxml debian fedoraproject redhat oracle netapp CWE-502 critical	9.8
2019-10-01	CVE-2019-16942	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. network low complexity fasterxml debian fedoraproject redhat netapp oracle CWE-502 critical	9.8
2019-09-16	CVE-2019-5482	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. network low complexity haxx fedoraproject opensuse netapp oracle debian CWE-787 critical	9.8
2019-09-15	CVE-2019-16335	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. network low complexity fasterxml fedoraproject debian netapp redhat oracle CWE-502 critical	9.8
2019-09-15	CVE-2019-14540	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. network low complexity fasterxml netapp fedoraproject debian redhat oracle CWE-502 critical	9.8
2019-09-10	CVE-2019-5503	Cleartext Transmission of Sensitive Information vulnerability in Netapp Oncommand Workflow Automation 5.0 OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. network low complexity netapp CWE-319	5.3
2019-09-09	CVE-2019-16168	Divide By Zero vulnerability in multiple products In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." network low complexity sqlite netapp canonical fedoraproject debian tenable oracle mcafee CWE-369	6.5
2019-07-29	CVE-2019-14379	SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. network low complexity fasterxml debian netapp fedoraproject redhat oracle apple critical	9.8
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local low complexity haxx oracle netapp CWE-427	7.8